CVE-2022-41723
published 2023-02-28

Priority: P341, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 4.56% (90.4th percentile)

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | lxd | >= 0 < 2.0.11-0ubuntu1~16.04.4+esm2 | 2.0.11-0ubuntu1~16.04.4+esm2 |
| canonical | lxd | >= 0 < 3.0.3-0ubuntu1~18.04.2+esm2 | 3.0.3-0ubuntu1~18.04.2+esm2 |
| debian | golang-1.15 | < golang-1.19 1.19.6-2 (bookworm) | golang-1.19 1.19.6-2 (bookworm) |
| debian | golang-1.19 | < golang-1.19 1.19.6-2 (bookworm) | golang-1.19 1.19.6-2 (bookworm) |
| debian | golang-golang-x-net | < golang-1.19 1.19.6-2 (bookworm) | golang-1.19 1.19.6-2 (bookworm) |
| golang.org | x_net | >= 0 < 0.7.0 | 0.7.0 |
| golang | go | < 1.19.6 | 1.19.6 |
| golang | go | | |
| golang | hpack | < 0.7.0 | 0.7.0 |
| golang | http2 | < 0.7.0 | 0.7.0 |
| msrc | azl3_application-gateway-kubernetes-ingress_1.7.2-2_on_azure_linux_3.0 | | |
| msrc | azl3_application-gateway-kubernetes-ingress_1.7.2-3_on_azure_linux_3.0 | | |
| msrc | azl3_kubevirt_0.59.0-14_on_azure_linux_3.0 | | |
| msrc | azl3_kubevirt_1.2.0-1_on_azure_linux_3.0 | | |
| msrc | cbl2_golang_1.17.13-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.18.8-7_on_cbl_mariner_2.0 | | |
| paloalto | pan-os | | |

CVSS provenance

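| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |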